Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other
security problems. This tutorial will touch on installing and setting up a daily report
for rkhunter.
http://rkhunter.sourceforge.net/
# wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
# wget http://sourceforge.net/projects/rkhunter/files/latest/download
# tar -xzvf rkhunter-1.3.8.tar.gz
# cd rkhunter-1.3.8 OR cd rkhunter-*/
# ./installer.sh --layout default --install
# cd ..
# rm -Rf rkhunter*
# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd
Now set up a cron job to run it daily and email you the report:
# nano -w /etc/cron.daily/rkhunter.sh
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (YourServer HostName Here)' your@email.com
Remember to change 'YourServer HostName Here' and your@email.com.
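# chmod 700 /etc/cron.daily/rkhunter.sh
Note: on Debian and Ubuntu, run-parts skips file names that contain a dot, so name the
file /etc/cron.daily/rkhunter there or it will never run.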
You can update Rootkit Hunter's data files to the latest version using
# rkhunter --update
and you can run a scan using
# /usr/local/bin/rkhunter -c OR rkhunter --check
Rkhunter Installation
http://www.webhostgear.com/141.html
Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other
security problems. This tutorial will touch on installing and setting up a daily report
for rkhunter.
Installing:
wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
tar -zxvf rkhunter-1.2.7.tar.gz
cd rkhunter-1.2.7
./installer.sh
Now you can run a test scan with the following command:
/usr/local/bin/rkhunter -c
How to set up a daily scan report?
pico /etc/cron.daily/rkhunter.sh
Add the following, replacing the email address with your own:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
chmod +x /etc/cron.daily/rkhunter.sh
Updating rkhunter
Updating gets the latest database updates from their central server and matches your OS
better to prevent false positives.
# rkhunter --update
I just got a false positive! What do I do?
False positives are warnings which indicate that there is a problem when there isn't
really one. Example: a Linux distro updates a few commonly used binaries like `ls` and
`ps`. You (as a good sysadmin) install the new packages and (of course) run Rootkit
Hunter daily. Rootkit Hunter isn't yet aware of these new files, and while scanning it
reports some "bad" files. In this case we have a false positive. You could always have
your datacenter or a system administrator check out the server to verify that it is not
compromised.
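One way to triage the false-positive case described above before re-baselining with `rkhunter --propupd` (an added example, not part of the original tutorial). The sample report is constructed and assumes the layout of rkhunter's log file; `changed_files`, `triage`, `safe_to_propupd` and the verifier hook are hypothetical names.

```shell
#!/bin/sh
# Added example: triage rkhunter file-property warnings before --propupd.
# SAMPLE_REPORT is constructed for illustration and assumes the layout of
# rkhunter's log file; it was not captured from a real host.
SAMPLE_REPORT='[04:02:11] Warning: The file properties have changed:
[04:02:11]          File: /bin/ls
[04:02:11]          Current inode: 131094    Stored inode: 131077
[04:02:12] Warning: The file properties have changed:
[04:02:12]          File: /bin/ps
[04:02:13] Warning: The file properties have changed:
[04:02:13]          File: /usr/local/bin/helper'

# Read a report on stdin and print each path named under a
# "file properties have changed" warning, one per line.
changed_files() {
    awk '/Warning: The file properties have changed/ { w = 1; next }
         w && /File: / { sub(/^.*File: /, ""); print; w = 0 }'
}

# triage VERIFY_CMD: read a report on stdin and label every changed file.
# VERIFY_CMD is a hypothetical hook, run as "VERIFY_CMD <path>", that must
# exit 0 only when the file on disk matches what its package shipped
# (for example a wrapper around your package manager's verify command).
triage() {
    verify=$1
    changed_files | while IFS= read -r f; do
        if "$verify" "$f" </dev/null >/dev/null 2>&1; then
            echo "PACKAGED $f"
        else
            echo "INVESTIGATE $f"
        fi
    done
}

# Exit 0 only when no warning is left unexplained, i.e. re-baselining
# with "rkhunter --propupd" will not hide a file nobody has verified.
safe_to_propupd() {
    ! triage "$1" | grep -q '^INVESTIGATE '
}
```

Feed it the real log with `triage my_verify < /var/log/rkhunter.log` (log path assumed), and run `rkhunter --propupd` only when `safe_to_propupd` succeeds, since re-baselining accepts every current file as known-good.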
More information on rkhunter can be found here: http://www.rootkit.nl
How to install RkHunter on linux server
wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
tar -zxvf rkhunter-1.2.7.tar.gz
cd rkhunter-1.2.7
./installer.sh
Now you can run a test scan with the following command:
/usr/local/bin/rkhunter -c
How to set up a daily scan report?
vi /etc/cron.daily/rkhunter.sh
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
# chmod +x /etc/cron.daily/rkhunter.sh
# rkhunter --update